Flashback's Mac Malware Mess

Hundreds of thousands of Mac users have been drawn into a botnet, possibly making the so-called Flashback malware one of the single biggest Mac security incidents to date. "It's not about the operating system anymore; it's about the browser," said Trend Micro's Jamz Yaneza.

In what could be the largest mass infection of Mac computers to date, the Flashback Trojan was estimated to have reached some 700,000 Macs by the end of last week.

The Trojan is landing on Macs whose owners have been lured to infected Web pages, which send a malware downloader to their computers as soon as they land on the page.

"It's not about the operating system anymore; it's about the browser," Trend Micro Threat Research Manager Jamz Yaneza told TechNewsWorld. "Browsing exploits don't care what operating system you're on."

For years, it has been a common belief that the Apple world hasn't received the attention of cyber miscreants because its share of the personal computer market has been small compared to Windows. That's not the case any more, argued Yaneza.

Even though Apple has a small segment of the computer market, its owners are a richer demographic, he explained. "If you can spend (US)$2,000 for a MacBook, you've got money," he said. "The bad guys want to get a look at your bank account."

The Pro Becomes the Victim

For some security professionals, many data breaches are nothing more than case studies. They're something to be analyzed and quantified.

That pretty much was what it was like for Harry Sverdlove, CTO of Bit9, a maker of computer and network security software. Until last week.

Sverdlove was one of the victims of the data breach of Global Payments that compromised at least 1.5 million credit card numbers.

"I'm used to usually being on the outside as a pundit or analyst, but in this case I was a victim," he told TechNewsWorld.

One of the biggest surprises to Sverdlove was how he found out he'd been victimized. He had to call his bank after his credit card was rejected twice when trying to make a purchase.

His bank told him the card was suspended due to suspicious activity on it. "So now I was being accused of behaving fraudulently," he said.

After getting off the phone with the bank, Sverdlove received a call from a phone with its caller ID blocked.

"Whenever there's a breach, we warn the public to be aware of phishing attacks," he explained. "People are going to try and contact you to get further personal information from you."

Sure enough, the caller said he represented "Fraud Protection Services" and started pumping Sverdlove for personal information.

As it turned out, the caller did represent a legitimate fraud monitoring service hired to advise victims of the breach, but the process did leave Sverdlove a bit perturbed.

"If you're going to offer that service to your customers, why are you using blocked numbers and not identifying the bank and card you're calling in regard to?" he asked.

Facebook Boosting Security

TechNewsWorld has learned that Facebook is expected this week to announce that it's partnering with a major data and security firm to protect its users from being victimized by poisonous Web links.

When Facebook users click on links at the site now, those links are vetted against a database of malicious links maintained by Facebook. By partnering with a company whose core business is security, Facebook hopes to provide its members with more robust protection against following links that will lead them into trouble.

Cops Commonly Track Cells

An overwhelming number of law enforcement agencies engage in at least some degree of cellphone tracking, most without obtaining a warrant to do it.

That was one of the findings by the American Civil Liberties Union (ACLU) after poring through 5,500 pages of documents obtained from more than 200 law enforcement agencies through a Freedom of Information Act (FOIA) request.

Most law enforcement agencies say they track cellphones to investigate crimes, the ACLU said. Some do it only in emergencies -- to locate a missing person, for example. Only about 5 percent said they have never tracked cellphones.

In some locales, the ACLU noted, cellphone tracking is so common that wireless carriers have prepared manuals for police explaining what data the companies store, how much they charge police to access that data and what officers need to do to get it.

While virtually all of the over 200 police departments that responded to the organization's FOIA request said they track cellphones, only a tiny minority reported consistently obtaining a warrant and demonstrating probable cause to do so, the ACLU said.

Breach Diary

April 4: A Utah Medicaid server was breached and 24,000 files were stolen. The state is investigating how many of 260,000 Medicaid recipients were affected by the attack.

April 5: Cody Krestinger, 24, of Tempe, Ariz., entered a guilty plea to conspiracy and unauthorized impairment of a protected computer for his role in attacks on Sony Entertainment last year. He faces a maximum sentence of 15 years in prison. Sentencing is scheduled for July 26.